Malware Analysis Report

2025-01-18 20:29

Sample ID 241202-hgd6tatpa1
Target b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118
SHA256 00b36e7439c5d81198923d6ee2c5cfac0b4263280adeff9e266654a3c476955a
Tags
upx xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

00b36e7439c5d81198923d6ee2c5cfac0b4263280adeff9e266654a3c476955a

Threat Level: Known bad

The file b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist Ransomware

Xorist family

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-02 06:42

Signatures

Detected Xorist Ransomware

Xorist family

xorist

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-02 06:42

Reported

2024-12-02 06:44

Platform

win7-20241023-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\YBZ5IRlP141LS01.exe" C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A

Drops file in System32 directory

UPX packed file

upx

Drops file in Program Files directory

Drops file in Windows directory

File created C:\Windows\winsxs\amd64_microsoft-windows-p..ndservice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_32d8ed167cb2bf62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_comsvcconfig.resources_b03f5f7f11d50a3a_6.1.7601.17514_es-es_47128484920e98b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..cture-bsp.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_703a658bb8025c25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx35linq-system...a.datasetextensions_31bf3856ad364e35_6.1.7601.17514_none_59288b04da432139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-pifmgr_31bf3856ad364e35_6.1.7601.17514_none_b1707f244ce45eb8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..on0viewer.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_9ccc8358c385840b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\diagnostics\system\Networking\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..utoenroll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_16f7dbd4736deb32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..remote-provider-dll_31bf3856ad364e35_6.1.7601.17514_none_064a0b28b6145bf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_scsidev.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_6ad56145a211530a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wpf-winfxtargets_31bf3856ad364e35_6.1.7600.16385_none_252c8641bb943e1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.serviceprocess.resources_b03f5f7f11d50a3a_6.1.7600.16385_ja-jp_ef8a984ccd16191c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.17514_none_9c12e14f7dfecaf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..dlinehelp.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4607ba621c6b5777\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..structure.resources_31bf3856ad364e35_6.1.7601.17514_de-de_513edc990604dfb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-msswch_31bf3856ad364e35_6.1.7600.16385_none_cef0c55401c324b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_acpi.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0fa7d070e2960b75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-eventlog.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_28cc097097c60a1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_33ec3c0b10770ea3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-c..rolpaneldisplay-adm_31bf3856ad364e35_6.1.7600.16385_none_c5fb78c4c8ecc851\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-basics.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_417f6f55559db4ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-netbt.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4fb8acfa080f64d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_bth-user.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cccf6fafc7264ac7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w32time-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac517048b9a8287d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\E8EBCC90469BFE03EA485673BA14799F\4.7.3062\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_39fac466966dd4f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..fcounters.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0d10273bbfe78c12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.powershel..anagement.resources_31bf3856ad364e35_6.1.7601.17514_es-es_4690ad2c7322309f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ru-ru_a13dea73a92ad990\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..nvironment-dvd-pcat_31bf3856ad364e35_6.1.7600.16385_none_f60cc30a4a2fb068\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-peerdist.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ce1d87149358b81e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_de-de_8d9526c50c4399e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-winre-recoverytools_31bf3856ad364e35_6.1.7600.16385_none_3142c61b8ada510f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-certutil.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_fec96b363ccb6fba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-f..lications.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c75de581a6dbdfaa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..-startere.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9eea396542b09367\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d5547640d316675a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_it-it_f057b14af78fa0ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..nt-client.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e44bb9a9ea37ea81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..tional-codepage-932_31bf3856ad364e35_6.1.7600.16385_none_ceb194d2fc8f5269\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wceisvista.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3b0908dad80413b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-photoviewer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_76444428a8bffc83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_zh-cn_70897adaf67ef72e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\YBZ5IRlP141LS01.exe,0" C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\shell C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.vdbkill C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.vdbkill\ = "EALOKZJCITOVLQN" C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\shell\open\command C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\shell\open C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\YBZ5IRlP141LS01.exe" C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe"

Network

N/A

Files

memory/2128-0-0x0000000000400000-0x0000000000410000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 9e42f042703a1218d6c240e86a10bce7
SHA1 d93dfb855aa63b2fa1b925823bfd0916516bf0ff
SHA256 45bd101248b2229f07b513f133793e875bb4c66b578e674300cc7ddced1ddfb3
SHA512 0d0b0de68e23e9e3b34c74d2f32126cfff94c4b205a06522389953af0f9cff8f434f3623d4823ee78d07b6d60d0b6fe451918e715fce9fc81965ba42f0b3771d

memory/2128-4766-0x0000000000400000-0x0000000000410000-memory.dmp

memory/2128-4767-0x0000000000400000-0x0000000000410000-memory.dmp

memory/2128-4768-0x0000000000400000-0x0000000000410000-memory.dmp

memory/2128-4770-0x0000000000400000-0x0000000000410000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-02 06:42

Reported

2024-12-02 06:44

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Xorist family

xorist

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\YBZ5IRlP141LS01.exe" C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.vdbkill C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\DefaultIcon C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\YBZ5IRlP141LS01.exe,0" C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\shell\open\command C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\shell\open C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\YBZ5IRlP141LS01.exe" C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.vdbkill\ = "EALOKZJCITOVLQN" C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EALOKZJCITOVLQN\shell C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\b7516b479f88d9b9b5ad6a5293a4c0b0_JaffaCakes118.exe"

Network

Country Destination Domain Proto

Files

memory/728-0-0x0000000000400000-0x0000000000410000-memory.dmp

C:\Program Files\7-Zip\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 9e42f042703a1218d6c240e86a10bce7
SHA1 d93dfb855aa63b2fa1b925823bfd0916516bf0ff
SHA256 45bd101248b2229f07b513f133793e875bb4c66b578e674300cc7ddced1ddfb3
SHA512 0d0b0de68e23e9e3b34c74d2f32126cfff94c4b205a06522389953af0f9cff8f434f3623d4823ee78d07b6d60d0b6fe451918e715fce9fc81965ba42f0b3771d
